M html.go → html.go

@@ -29,7 +29,7 @@ HTML_SKIP_HTML                = 1 << iota // skip preformatted HTML blocks
 	HTML_SKIP_STYLE                           // skip embedded <style> elements
 	HTML_SKIP_IMAGES                          // skip embedded images
 	HTML_SKIP_LINKS                           // skip all links
-	HTML_SKIP_SCRIPT                          // skip embedded <script> elements
+	HTML_SANITIZE_OUTPUT                      // strip output of everything that's not known to be safe
 	HTML_SAFELINK                             // only link to trusted protocols
 	HTML_TOC                                  // generate a table of contents
 	HTML_OMIT_CONTENTS                        // skip the main contents (for a standalone table of contents)
@@ -534,9 +534,6 @@ if options.flags&HTML_SKIP_LINKS != 0 && isHtmlTag(text, "a") {
 		return
 	}
 	if options.flags&HTML_SKIP_IMAGES != 0 && isHtmlTag(text, "img") {
-		return
-	}
-	if options.flags&HTML_SKIP_SCRIPT != 0 && isHtmlTag(text, "script") {
 		return
 	}
 	out.Write(text)

M inline_test.go → inline_test.go

@@ -202,7 +202,7 @@ // XXX: this doesn't pass yet
 		//"<iframe src=http://ha.ckers.org/scriptlet.html <",
 		//"",
 	}
-	doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SKIP_SCRIPT)
+	doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT)
 }
 
 func TestEmphasis(t *testing.T) {

M markdown.go → markdown.go

@@ -233,7 +233,7 @@ htmlFlags |= HTML_USE_XHTML
 	htmlFlags |= HTML_USE_SMARTYPANTS
 	htmlFlags |= HTML_SMARTYPANTS_FRACTIONS
 	htmlFlags |= HTML_SMARTYPANTS_LATEX_DASHES
-	htmlFlags |= HTML_SKIP_SCRIPT
+	htmlFlags |= HTML_SANITIZE_OUTPUT
 	renderer := HtmlRenderer(htmlFlags, "", "")
 
 	// set up the parser
@@ -293,7 +293,7 @@ 
 	first := firstPass(p, input)
 	second := secondPass(p, first)
 
-	if renderer.GetFlags()&HTML_SKIP_SCRIPT != 0 {
+	if renderer.GetFlags()&HTML_SANITIZE_OUTPUT != 0 {
 		second = sanitizeHtml(second)
 	}